Sorry, I made a mistake in review here:
On Sun, Aug 19, 2018 at 11:26:22PM -0500, Scott Cheloha wrote:
> On Sun, Aug 19, 2018 at 09:40:43AM +0100, Ricardo Mestre wrote:
> >
> > [...]
> > @@ -446,7 +451,8 @@ ac(FILE *fp)
> > */
> > if (*usr.ut_name) {
> > if (strncmp(usr.ut_line, "tty", 3) != 0 ||
> > - strchr("pqrstuvwxyzPQRST", usr.ut_line[3])
> > != NULL ||
> > + memchr("pqrstuvwxyzPQRST", usr.ut_line[3],
> > + sizeof("pqrstuvwxyzPQRST")) != NULL ||
>
> The memchr length needs to be sizeof("p...") - 1, otherwise you'll include
> the NUL terminator in your search.
I am wrong about the strchr. It's correct and should not be changed, I
misread it yesterday and then again today.
>
> > *usr.ut_host != '\0')
> > head = log_in(head, &usr);
> > } else
> > @@ -457,7 +463,8 @@ ac(FILE *fp)
> > (void)fclose(fp);
> > if (!(Flags & AC_W))
> > usr.ut_time = time(NULL);
> > - (void)strlcpy(usr.ut_line, "~", sizeof usr.ut_line);
> > + (void)strncpy(usr.ut_line, "~", sizeof usr.ut_line);
> > + usr.ut_line[sizeof(usr.ut_line) - 1] = '\0';
>
> Same deal here, use sizeof(usr.ut_line) - 1 for the strncpy length.
> >
> > if (Flags & AC_D) {
> > ltm = localtime(&usr.ut_time);
> >
